#quiet-conversation

i remember trying to install when i was a teenager lol

I have used Ubuntu and pop OS as main OSes in the last few months

yeah, it's not very easy, but still achievable. I followed recommendations on arch wiki and watched some videos

How much time did it take

around 2 hours

reminds me of gentoo. but great way to learn about lGNU/linux

I want a distro that gets my work done, I don't want to work on the OS for a long time, what distro should I use?

yes it is indeed a great way to learn!

parrot is nice

mint is great too

Should I stuck to Ubuntu, it seems to work well for me, would I waste my time distro hopping at this point?

yeah unbuntu is great

I had mint for a day when I first Downloaded Linux from windows

It's decent but not a good way to LEARN Linux imo

its all debian

Exactly

if you want to learn Linux more deeply, maybe I'd suggest you trying arch

whatever floats your boat. arch would be fun to learn.

i say its like working on a car

VM or live boot

but yep, it won't be so easy at start

I don't mind learning and solving problems at all

I enjoy it in fact

yeah its just like baning your head against the wall but after you get numb to it 😛

well Ig you can try to install it straightaway on live. if you follow the tutorial you'll get it to work

How is the gaming performance on arch, ik it's not smth an arch user would prioritise but I play games occasionally

can't say much, I don't play games. if I did, I guess I still do it on windows

What do you think of dual boot? Ever had a bad experience with it?

i try it with kali didnt work out

It's not bad, I have a friend who runs in on bare metal and it's not too noticable

dual boot is definitely a way to go. my setup is dual boot

Yea, windows usually tries to eat ur grub it's not fun

Interesting, never had any issues with it eh?

That is what I hear a lot

luckily I hadn't

but yeah some shit may go wrong any time

My friend dual booted windows and Ubuntu and Ubuntu stopped working after some time of not using it

It didn't boot anymore

that's interesting

What was ur first distro?

ubuntu I think

Dual boot for what?

Nice

my second was debian as far as I remember

Games and Microsoft only applications

And what about the other OS?

I am considering switching to debian from Ubuntu

Programming, hacking machines on the Linux OS, games on windows

You should hack in a VM not on a host

parrot is a lighter version of kali if you are doing security

It’s not good security practice to hack on your host

or use a separate machine only for these needs

Run windows with a Linux VM

No.

so with arch, do you just have the terminal at first. then you decide what packages you want to download? what makes it hard for the avergae joe?

That is what I do, Kali VM for hacking

What’s the purpose of dual booting then? 🤔

Currently I use Ubuntu as a main OS for programming
-Kali VM for hacking
-windows VM for some work
-windows server for server administration stuff

arch if you want to be badass

pretty much yes. you setup the system manually, like the keyboard, internet connection, install packages, etc.

install a desktop environment or window manager

Is stock debians installation similar

Or is it simple like Ubuntu

true words

hahah yeahh buddddy

:)

alots of distros are debian base just comes with different flavors

Why don't people just use debian instead.of debian based distros, what makes it less popular

different needs, different wants

real g's will use LFS

hahahahha awesome

Hey, can I have a quick DM with you?

Sure

what movie was that in your profile pic?

i think he acted in th egodfather

sunny

I think it's a movie with ryan gosling, ehh forgot the name

bladerunner

yeah right!

but the guy on my pfp is terry davis

IS IT

TEMPLEOS

yeah right, the mind behind this gods creation

did you see video on him?

depends what video exactly

https://www.youtube.com/watch?v=UCgoxQCf5Jg

oh that's a popular video, yet I guess still haven't watched it

thanks for recommending it

🍿

lol

whats up?

today learned about basic network stuff on thm. that's all of my progress for today

😅

lol! little by little. Brick by Brick!!!

yeah at least I'm trying to lol

im 34 and im starting to learn about computers again.

good it's never too late

nope! never too late! always fun to learn even through it can be frustating sometimes

that's true yes

sometimes I get too frustrated or even mad that something doesn't work

lol join the club!!!

but I guess I should view it as a part of the process

o my god yes

im always re reading over try hack me courses

btw do you have a subscription?

i do

damn that's cool

I don't, but 80% of the content is free so i guess i'm fine for now

yeah thats a great part about tryhackme

yup

hack the book is really diffucult

yes I heard about that too. it's more difficult

but yea I think we'll get there

one day at a time

samething with me and weldin

yup this approach applies to any skill

makes me wonder how insecure some companies are tho

yea I remember how geohotz jailbreaked Iphone or his Sony hack

legendary

lol yes man i forgot about that one!

not sure if it's the right example, but it's crazy that this guy competed with such large businesses

alot of those big companies had weak security. they don spend enough money to make it secure. It all goes to the share holers and CEOS lol

hows it going?

not bad. I just woke up

sleep good?

yes. but I think I need to go to bed earlier, my sleep schedule is messed up

yeah. i get like that when i work night shifts.

hows it going?

Anyone here? I'm new :P

hello can someone help me to use Hydra right ? i got a really weird stuff

what is the problem u are facing?

By any chance, is there someone who can help me to explain upload reverse shell? I completed room upload vuln but still have couple of questions. Thanks

yeah what do you need to know @lucid bane

First of all thank you for your answer! My question is, when you upload a file on a web, when I click on uploaded file or try to open it via link, it is automatically downloaded to my computer and not executed on a web. Or is it? That's what I don't understand 😄

Gave +1 Rep to @hidden canyon (current: #807 - 4)

Also, is there any automated tool to scan web vulnerability which is for free?

you can use curl

owasp zap is good

is anyone playing Exfilibur room?

#1210662756659765330

tks

is there an issue with thm vpn, my machine shows the tun0 ip but the website is not reconizing it

Ipconfig tun0 up

How is it not being recognized?

Access machine page is borked.

shhh quiet

i like quiet

Nikto

Hello. I am new . Can anyone pls guide me what I should do. How to start. Thank you

#start-here

Hi Guys, hope everyone is doing well. I managed to clear the Sec+ in the first go, was wondering how best to leverage this. Any tips /inputs would be most appreciated. Thanks

hello

Hey yall, I'm new here. Looking for some fun beginner/intermediate rooms, what do you guys recommend?

Can wireshark be used to listen to live phone calls?

No

how did you guys start learning

ethical hacking

Hello I keep receiving unable to connect in firefox after putting my attack machine address even though I'm connected to openvpn in virtual box kali

if the link is https remove the s so it becomes http. Thats usually the first thing i try

#start-here

Hlw..

I am new here

I will try to use codecademy

Hi, what is it worth writing walkthrough and writeups ?

its good practice for doing PoCs

Don't stop studying and prep for cysa+

What you learn in security+, leverage that and learn some more stuff in cysa+ and you can pass it

Don't wait like me after 3 years of security+

I had to relearn couple of things from sec+ in additional to what cysa+ is asking

Also you can try to find gov job with sec+

Professor Messer on Youtube, Get Certified Get Ahead for the book, and Dion's practice quizzes are what I used. The Sec+ exam was basically a recap of core concepts from my degree though, so ymmv.

Hlw..
I am new here

Thanks, I was hoping to get into a job before going for cysa+ , are there private companies hiring for remote positions for these kind of roles? Any info would be helpful

Gave +1 Rep to @signal gale (current: #2013 - 1)

Yeah, i used Jason Dion course, the Gibson book and McGraw hill test bank to get through, my question was more about how best to move forward towards getting a job now. Thanks

Not really remote position which is hard. Since I am living in West Coast and apply most job

They require you to be East Coast and/or near where the company is at

They can at most do hybrid but they tend to want someone on-site

I am sure once you work for them a year or so you can do more stuff remote, but I probably lean it being very rare chance

Gotcha, I could have sworn you were asking how to pass on the first go, so my bad

Do you have a degree?

Where are you geographically?

Yeah, have a degree in comp sci , based out of India

Oh ok, yeah it does look like getting a remote position is quite rare

shhh quiet mouse

hh

Hello

3 mar

is this channel called quiet conv* because of what?

like is it relevant to the topic of conversations?

for I've been wondering for a while about a certain question

it has a slowmode so its much more calm and not overwhelming

what'd be the point

Sometimes general gets a bit hectic

i might put linux as my childs middle name

or tux

Dang

R.I.P ollie.

Ollie 😢 R.I.P

R.I.P. ollie

R.I.P OLLIE 🥺

hey i am unable to find the solution for Insert flag15 here in Windows Local Persistence
walkthrough

#room-help or #room-hints would be the best place for this.

Hola

So, speaking about VPN, can anyone recommend a VPN provider (or advise against it)? I narrowed my choices down to three: ExpressVPN (being the most expensive one), PureVPN (being the cheapest one) and NordVPN (maybe the most popular one, but so heavily advertised that it seems suspicious 😄 )
Any thoughts? (Living in Central Europe, since it might matter)

https://mullvad.net/en is very good

NordVPN is heavily frowned upon by most people here, and are famous for the amount of breaches they have

ProtonVPN is also a solid choice

I have seen a lot of people here recommending Proton, also I've seen people talked in favour of Mullvad. I personally have used Nord since 2018 and I have never had an issue.

Thx guys, might take a look at Proton actually, since I already have a mail account there. Allthough I am not sure about their free version. Like everyone says that free VPNs are often lacking certain standards/features.

If you want a decent free VPN, checkout cloudflare WARP

what are you trying to accomplish with your VPN use-case?

Privacy (even though I don't have much to hide) and increased security. Even our ministry recommends using a VPN for private use, I found out today 😅

For now I was using one only for business cases (Home-Office)

do you know what split tunneling is, and the pros and cons of it? VPNs don't actually give better privacy or security unless you have concerns about the websites you visit being datamined or similar. If you are only browsing HTTPS websites and are concerned about some organization or individual looking at the content you browse, a VPN doesn't really do anything extra.

Yep, I know about that.
I have to admit, I might be a bit paranoid lately, but yet, not using ones "true" IP address should always be plus, privacy wise. No?

Oh, and I am travelling a lot, using wifis on airports hotels and other public areas. Where I also think a VPN might come in handy

so long as you are careful of the certificate chain, you shouldn't really have a problem. Wifi is kind of garbage in general, but there's a difference between sniffing your traffic and decrypting the contents. "True" IP address is a bit of a misdirection, as IP address is dependent on the network your traffic is originating from. Your "true" IP address will be the endpoint that your target address sees, and depending on how the VPN is configured, DNS queries may still be obsesrvable by your ISP.

the actual effect of a VPN on a public wifi network is that you are going to experience slower download speeds, as your traffic ends up with a lot more overhead due to the tunneling.

I mean that's still cloudflare but if you're fine with that

I have a wireguard setup up to my home network I use on public/hotel wifis

Even then, I’ve been thinking. Is there such a big threat model with public WiFi that you have to use VPN?

In airports and cafés, yeah, as the wifi is usually unencrypted

With HTTPS being more common it's less problematic

I'm not sure what you mean by this

you can also just enable https-only mode in the browser

Assuming the server on the other end supports it

Which is more and more true

yup

even if the server doesn't support it, I'd rather have temporarily no website than an possibly compromised one :p

Ye, but HTTPS still has the url in the clear

oh well

They've had privacy issues in the past

I see

Not just HTTPS but CAs and other mechanisms that are installed on the browser itself

Hi am new here pls I can’t see my first task transfer of bank account balance to proceed to th next stage any help

what/where

Have you looked in #room-help ?

keywords search in path channel is always a good shout to get hints

Sometimes yeah

why does thie not work?

To which are you referring to?

i dunno

not important

Because shenanigans or user error

https://tenor.com/view/lies-liar-south-park-shenanigans-gif-14746341

wait... this is what he says in the english version?

yup https://www.youtube.com/watch?v=UbtByiZrKqY

where I come from its simply: cheating booth

hello friends , any suggestion to bypass this fiilter

function filter($command) {
if(preg_match('/(`|.|$|/|a|c|s|require|include)/i', $command)) {
return false;
}
return true;
}

if(filter($command)) {
eval($command);
echo "Command executed";
} else {
echo "Restricted characters have been used";
}
echo "\n";

What’s this from?

im just solving a web challenge

is there any blogs for the progress of bug bounty i looked at hacker ones hacktivity but that barely shows anything

Link?

Ollie

is this quiet-conversation or try the bot and dog pic channel?

Both

Hello, can we please use bot commands in their respective channels please? #bot-commands

Thanks! 😄

@odd acorn

Done!

@loud harbor for bot commands use #bot-commands 🙂

Evenin’ all!

Good evening ladies & gentlemen

Hello internet people.

Hey friend

I realized this weak that it's a lot easier to hack with friends than to do it alone. I think it really helps you keep a streak when you've got morale from others doing it with you. Kinda like hitting the gym. Anyone wanna team up?

we can team up

Hello everyone, I am having problem form the answer with benign challenge last question. I found the answer however everytime I type the answer it says incorrect. Can anyone help me on this? Thanks

Hey that seems to be a good idea leats team up

lmk : )

Hello everyone!

I am a new member!

Hello

hi

How to sanitize in python?

What du you want to do? get rid of characters or symbols in strings?

I wanna remove script tag in payload in python.

u can achieve this with .strip

I wanna use html sanitizer

look at the docs and how to properly sanitise html.

that's whole other layer
why does it sound so difficult? even though naturally so basic?

Awesome. Can I dm you?

Great... Can I dm you?

Hey and Welcome.
How are you finding it so far?

hi

How are you

Nice to meet you!

I'm doing great. I'm from Ghana.
How are you?

Nice to meet you too

I am good. I am from Serbia.

Thats cool. What's your username on tryhackme?

Or better still, what's your username on tryhackme?

And yours too. Your username?

Mihailo Katanic

I think I just sent you a request. I find that it's a little easier to keep a streak when you're doing it with a team of friends. You can join the invite if you agree. uk, for the morale 🔥

OK good!

But how?

On the last section on the right side of your dashboard page, you can find friends and see their daily progress and be encouraged

Yes please

wow, ive never seen this before but tbf ive never added friends in thm.

Can I dm?

I actually found out only recently. The internet outage really took a toll on my streak though

For sure 👍

Yeah sure

I want to have friends too 😓

There's no such thing as too many friends 😁
What's your THM username?

h8ag

sent you a request

Welcome aboard friend

you can add me if you want

Sara98 on THM

Wow

I gladly will

Request sent

damn this chat is very friendly

This whole server is 😄

@plucky badger

request sent 😁

Yhup yhup yhup

Any room for one more? My THM is (ImN0tGrimm) the O is a zero

@acoustic talon

😬 I can't find this one. My own username is Raydote. You can go ahead and send an invite

Oh no, I just tagged them to let them know about that : )

Are you inviting people to a rooom or adding their discord?

I know that they looking for same like us

I'm adding them up as friend on tryhackme. It allows us to track each others progress (streak, current room, points, profile etc)

Id love to be apart if you'll have me🙂

Hey team! Let’s start learning together and maintain streaks lol

Yoooo

Hi!

Add me if anyone wanna ace up learning cybersecurity skills here with me

| majestic_capybara_80895 |

What's your username on thm?

Can't find you.

Oh! Lemme go check

majestic_capybara_80895 It's the username

w usernmae

I don't have any idea. Why you all unable to find me.

What's your username! Lemme add from my side

No I ment

I'm Raydote

That's my username

Yeah, I sent request

dead chat

is not dead, it's quiet, the clue is in the name 😉 😂

ImN0tGrimm but the O in not is a zero

😬 I see to have hit my maximum amount of friends I can add. Try adding me instead.
Username: Raydote.
I don't know whether it will work

Excuse me, Mr Popular 😉 😂

It's not working is it 😥

#rules

Wow

Hello guys

New here

I sent a friend request, if it doesnt work, no worries. Ill see ya around on discord😁

It worked

Please don't minimod, no rules were broken here that I can see

Hey guys. I'm new to the world of hacking. I'm from India and would love to team up. Thanks !!

Nice ! keeping it up hackers

Hey anyone wanna teamup / share knowledge on doing machines

I'm down if it means being consistent 🔥

Folks! Anyone learning Soc-1. Let me know! Let's finish it up together..

the end of that sentence didn't sound right 😂

Im going to add you too if you dont mind xero1726

how many friends are you allowed to have?

Way to go @uncut shell Your consistency is impressive 👍

A maximum of 10

wow

thats not alot

Yeaa, been taking notes with Obsidian recently and its pretty great just finished that Networking Intro and have it eh "compacted" down to 750 words lol

Haha! Atleast that way I can finish up lol

Never heard of Obsidian till now and wow. thanks for sharing. I'll give it a try

Gave +1 Rep to @uncut shell (current: #2034 - 1)

that sounded even worst 😂 😛

I gotchu “let’s do it together”

Hey guys, what virtual machine is the best?

Do you mean hypervisor? If you're talking about operating systems, use what fits your needs best.

I want to install kali Linux for my Mac, what is better to use vmware workstation or virtualbox

You're going to need to choose a hypervisor that fits your CPU architecture

Apple Silicon has a different instruction set than Intel x86 so you're options are going to be different

Also note, your performance is going to take a hit because whatever you choose is going to need to emulate the hardware/instruction set kali needs through software

Okk thank you 🫶

Obsidian is a great tool.

Cherry tree too

Obsidian + markdown ftw :3

I am using qemu for having kali as vm but I hate that it's capped to 60Hz and while searching I tried gpu passthrough but I figured it's only for multi GPU use only, is there any other way?

You could try VMware.

Vmware afaik doesnt support GPU passthrough atleast not in their free version nor have i see options for going above 60hz.
Sadly just one of the downsides of VMs

Workstation pro doesn't do it either.

If your not scared, you could even run a kemu docker 👀

perhaps you could just run CLI-only with WSL

I heard a while ago that theres even GUI support for WSL now

Hi everyone, I get the "restart pause" error when using vpn, does anyone know a solution?

Whats that

kasm, mb, i confused it with qemu

guys gotta be quiet in here shhhh

Is there any service that has that provides that feature?

None that i know off, if you really need it you're better off either dual booting or depending on what you need it for eg. hashcracking, just run that on the host

Just VM but it's fine. Not the end of the world xd

I have tried dual-booting but I have been using HTB vpn and it doesn't work that well on host they suggest to use a vpn so idk what to do😂

Hello guys I need a friend for Bug hunting i am a beginner because i don't have any cyber security friend 😞

Join the general voice chat

yo fatty kitons how do i eat burgers

another fun thing is, if you're having trouble summarizing a text like i tend to have~ ChatGPT is pretty good at that

Also, the Obsidian Nord Theme is soo much better than the default lol

loved it, tks

booo nord is not good
use catppuccin instead

loved the colors, hated the font

???

eh it nice but i like some difference in colors for my notes 😅

should be easy to change the font

i'll go with nord, old habits die hard

i've already been using it for 4 minutes now

ah, 10 minutes here

the old me was such a 🤡, who uses default?

ikr

shadow is probably never switching of catppuccin now as they more or less got all apps to use it at the same time

Oh yeahh.. I been doing that too. I got the version 4 so sometimes I copy everything in section of a room and I ask it to explain with analogies. Great tip Sara

why i am just hearing about Obsidian, I have been using Notion this whole time 🥲

I been looking for a Notion alternative. And i can migrate my notes too 😆 . Thanks for sharing! @uncut shell

Gave +1 Rep to @uncut shell (current: #1015 - 3)

nice, another Obsidian Nord user in the wildlife

@south inlet

Yeah. They've already left.

I guess we are all using obsidian now

Downloaded it on my phone like a month ago but never installed it on my pc

Obsidian is great... Until you stick anything malicious in your notes (e.g., bad powershell commands, maldev stuff, tools, etc)

At that point antivirus kicks in and reminds you why plaintext is a very bad format for hacker notes

How did you change the color?

Cog wheel at the bottom left -> Appearance -> Themese -> Manage ; so you can download a new theme

I got a different theme but you've got differently colored text

It's just Obsidian Nord, it depends on the theme you pick

oh

I'll give it a try, I downloaded the Minimal one

til obsidian has themes

I get it now, I was confused because I watched YT video and they had a color picker for text and I didn't see that anywhere on my Obsidian

Ah, there's also community plugins, which that might have been

Why is the number '37' everywhere? https://www.youtube.com/watch?v=d6iQrh2TK98

missed opportunity to make the video 37:37 long

there's a shlong joke there somewhere

Hey guys, I hope you are doing great! I am trying to do "Crack the hash" the room but last 2 task of Level seems impossible to crack it even though I followed the some guys and did the exact same thing but I cannot get the result, did someone do this room? If so, I appreciate anyone who will ping me about that..

#room-help

thanks, I confused 2 times 🙂

hi guys

heyo! I'm also new, and I honestly hope this server will help me keep it up with the courses, coz in the last month I totally forgot/didn't have time for it, and it felt kinda like a waste of money - it sucks you can't "freeze" your remaining days which you paid for

and the server seems to be nice and helpful, I'm looking forward to stay here ^^

Hello,
what is the best recommended thing I should do in order to improve my thinking as a web pentester , and does learning a full stack web development helps ?

@loud spindle learn basics about web ( like the working , technologies ) , then you are able to think like a pentester of web, and learning full stack is not recommended because , it's better to learn those languages which are used in web and go into deepth of web, to make it secure.

actually I am not familiar with web can you clarify for me please
do you mean like I need to learn how web works, and technologies like what

ofcourse bro ! if you want pursue web pentesting , it's compulsory to know its working and technologies , so that you find any bug and make it secure

when we understand the problem(battle) , then we bravely solved(played) it!

so the best thing I can do right now is to understand web and how it works and I think network is crucial too

I think U understand,

Thank you brother , I appreciate your help

Gave +1 Rep to @ebon fog (current: #515 - 8)

@raven delta please leave enforcing the rules to the mods

sorry didnt want to enforce rules, just wanted to tell him to start with the basics. Ill keep out of it

1337

I thought the important number was 42 😉

Happy Friday, everyone

Hey guys, new here. Am i allowed to ask for help? I'm trying to reverse engineer a potential 0 day, but i'm no expert.. Yes i got hit with it

"got hit"

You got hacked?

yep, one of my environments unfortunately.. it's super sophisticated for me

There are rules regarding handling machines for forensics purposes...

hello

can someone teach me hacking

Have a read over #start-here

this is a cyber security server

general rules or on this server rules? unfortunately the machine had restarted before i had a chance to image it, but i did find enough for a full investigation which ive been doing myself so far

not a hacking server?

Legal rules usually

I hope you're investigating on a copy

It's an ethical hacking server, not a black/dark hat teaching community.

We do bad things within the law

yeah like that

Usually on non prod

i meant ethical hacking

i got an account what should i do?

Then read over #start-here

Guys i'm just an IT administrator, and a client got hacked.. i've take the info that i have found and am investigating, so i am checking if anyone would like to assist, if this isn't the right place maybe someone knows of one?

I think you should contact the authorities and more dedicated team of people?

Instead of a random discord you just joined?

As Hydra said earlier, there are rules with this sort of thing, legal and professional.

Please don't ask for more help on this situation please.

ok thanks

i have a doubt i cant see the fake bank machine page

#room-help please

said rules are centred around keeping proper custody and integrity of the issue so that it can be admissible in an eventual court proceeding. If you do not have the competence in house for this, then contact your local law enforcement who may have expertise. Also depending on where you are, there may be mandatory reporting requirements.

i'll look into it, thank you @twin ridge

Gave +1 Rep to @twin ridge (current: #11 - 562)

Hey guys, new to this discord. Wanted to know, what's the interest of Black Hats? Are they really an essential part of this hacking ecosystem, or would you turn them all into White Hats if you could?
Not aspiring to be one at all, I'm just genuinely interested in having some of your opinions on it

@odd acorn can probably give you a good answer to this

Ty for forwarding this haha

Well there’s no interest here in black hats, as in this is a ethical hacking server but there not really essential because obviously I think everyone in this server would wish there was no black hats because of the bad they cause people, but even if there were no black hats (which is impossible) there would still be a need for information security and critical infrastructure security etc

Of course, I didn't mean it as an interest in this particular server, but in general. And I don't mean to bring attention to these things in an ethical server, I just want to know more about it. Tell me if it's not the right place to do so.
It's just that I've seen public servers where they're -well, not explicitly encouraged- but accepted. Like they're necessary to something, and I find that really interesting, because as you said "the bad they cause people" is there. Can you affirm that it's never a great solution to ignore the law? Still, sorry if that kind of question isn't the best here.
Also, I understand that even with no Black Hats at all, you'd still need to secure things, that's normal.
(Still here for answers, if anyone passes by)

Yeah it’s a touchy subject so I’m not gonna comment anymore on it

Why Is black hat an essential?

More like is it an essential

And if so, why

does anyone know how to get kali linux on windows 11

Yes.
Any other questions to which you would like answers?

have you tried Kali's website? 😅

https://tenor.com/view/ba-dum-tsss-drum-band-gif-7320811

I'm looking to wipe one of my drives and install kali linux over it. I currently run two drives, one is an SSD and one is my factory C drive. Due to a fatal error, OS corruption, I accidentally ended up installing Windows 11 on my SSD and run my computer off of that. I want to wipe my factory drive, which is now my D drive, and run it strictly off of linux. Any advice?

Dual booting is usually more trouble than it's worth. Strongly recommend running a VM instead

Any VMs you particularly recommend? I've had VirtualBox recommended to me, not sure if any are better or worse than others

Depends on what you are running as the host OS. For windows, VBox, VMWare workstation, Hyper-V are all fine especially as a beginner.

on top of what juun said, you kinda wanna keep things like Kali nicely locked up inside of a VM
I personally like using Hyper-V, VMWare Player is their free version, or VirtualBox but from personal experience, VMware is a tiny bit smoother

Thank you both very much!

Is it considered a Security Vulnerability or Bug if a website is storing Log-in parameter cookies like Email Address in plain text inside the browser cookies?

are they storing the password in plaintext?

As a jwt, probably not

But couldn’t a bad guy send phishing emails to those stored emails?

they won't likely have the same one

nope the password is safe
it is just the email thats exposed

Hiii (whisper)

@safe widget when a mod is dealing with someone doing something illegal, please take a step back

why cant I have access to the ad chats.

I am doing lateral movement

in ad

You do, they're under Networks.

sorry, i foget to tick the list of browsed chanels

Hey guys, I wanted to ask if there is anyway I could do bachelor's in computer science? I'm asking this cuz I had commerce in 12th.

Is it illegal to bruteforce your own account on not your site? I forgot the password to the mail I didnt used for years

Illegal to brute force anything on any site without explicit permission

@burnt night

I think you just answered your own question.

You don't own the account, the providor is just giving you permission to use it.

I am starting a new internship next week and they told me to get familiar with active directory and powershell scripting. Is active directory much different from linux administration because I am way more familiar with linux and from what I've seen powershell scripting isn't much different from bash scripting. Pretty much what I'm asking is there anything I should look out for?

rule of thumb, if you really need to ask if something is illegal, it's almost certain that it is 😂

Yes, Active Directory is different and so is powershell.

I'd start reading the MS docs

Ok thanks

What percent of tryhackme is actually free?

I get paid rooms too often and I can't buy them rn

if i remember correctly

Over 75% of the rooms are free. So 0.75x800=600

paid rooms are often in the paths to incentivise premium, also it's good content

most of the challenge rooms are freebies

hello everyone! i'm hoping this is the right channel to ask more specific questions.

i'm currently doing the SOC L1 path, and it provides a pretty solid base and understanding of its work. however, sometimes i feel parts get muddy and a little harder to grasp.

for context, i have a background in compsci and cybsec, it's my major in university and im on my final year, so im not completely unfamiliar with the learning process. its just that ive noticed that while they expose you to a variety of different tools, it can get especially overwhelming and brain-frying without context on how when some of them are used or applied sometimes. in addition to this, ive found the endpoint monitoring section to especially be an information overload at times? when we have SIEM solutions, i'm not sure why we'd use tools like sysmon manually when we can just forward them as agents on our desired SIEM. lastly, the splunk rooms are really cool, but i noticed that the Splunk: Basics room provides barebones of a tutorial, and when you move onto Splunk: Incident Handling, its a whole new whiplash of different commands and information that THM provides you (which is nice, but i feel like doesn't provide much in the way of self-learning).

i guess what i'm really trying to know is, am i adapting the wrong mindset? i've been told by professionals that the cybsec tools used can vary from company to company, so its moreso just a benefit to understand what types of tools are out there. i also tend to cut out the white noise and learn things that i feel are much more important when it comes to L1 SOC (ie. Understanding how a SIEM works, basic Networking and Monitoring Skills, etc) and as a result, i'll find myself rushing different modules and i'll feel slightly bad about it. i'm already on DFIR and i'm close to finishing my certification and have a roadmap planned for my career. (feel free to ask, im open to guidance). there are many things in this learning path that i definitely will come back onto to read to better grasp an understanding, but i mostly feel bad at times when i display a disinterest for a specific section of a module at times. any advice? note: please ping me! i usually have notifications at a minimum

Holy wall of text.

my bad man, just new here and have alot on my mind 😭

trying my best to really digest the content, without underestimating the position itself

I suggest taking notes on the stuff your learning. It helps so much because you can go back to them and relearn what you learned using the notes. It’s also great if you forget something

youre right, tools will vary differently in each company but youre looking at it in terms of specific tooling. you dont need to get good at the tools provided by THM, they're just there to help you practice

you could say that you dont need to learn sysmon as an L1 analyst but that tool is there to solidify the theoretical knowledge you were taught in earlier modules

Endpoint security is basically the protection of endpoints, like desktops, laptops, phones etc. Administrators use endpoint security to stop threats that are targeting the endpoints if you haven’t already knew that.

this is great advice! ive had it on my mind for a while, but do you recommend my approach in just, going through modules, then coming back to them at a later time for digestion? since there is alot to cover and i feel like if you spend so much time in one area itll just tunnel your vision

this is reassuring to hear, and something i wanted to hear if i were honest. it just felt like if i really spent time on them as tools, only for my hiring company to ask me to learn another tool, id feel like what i was learning would be all for nothing.

of course, right now i'm looking at them as foundational conceptual knowledge

so that when they're brought up i know XYZ about tool and when and where it is used. so in this context sysmon would be utilized by forwarder agents to process logs for example

yeah of course, i just saw that module as like in-depth detailed knowledge to build a foundation on how it works when you actually use a SIEM. since SIEMs process everything anyway, correct?

assuming you and mknukn have industry experience (i have none yet, im working toward it), if you were to do the SOC L1 path again, which sections in each module would you say are very important to learn and focus on? (ie. in network security and traffic analysis itd be snort, wireshark, and zeek for XYZ reasons)

Thing is lol

I don’t have industry experience, I just like cybersecurity and I want to get into the industry

Idk about mknukn tho

That’s hard to say which isn’t important because there all really important. Each of those monitoring systems do different things. So it all depends on what you’re company uses.

are you asking for tools to focus on?

in the learning path yes, tools that would provide the most value learning wise

Personally for the network analysis zeek and wire shark

I also liked grim very much

Snort and ELK i'd say

do you guys have red any books about ethical hacking? books on linux, nmap or maybe other tings? I am starting this journey with Try hack me and i am wondering if i should read a book about it.

Red Team Field Manual is a good for commands etc.

Nmap book is good.

check out #bookclub

Thx!

Read The Fine Material 😂

thank you!!

Gave +1 Rep to @lime fern (current: #112 - 56)

thank you both! your advice has been helpful. i guess the only question i have left is that most SOC L1 duties will be mostly done on a SIEM/SOAR platform and the tools the THM path provides are for practice and to better understand what you're dealing with at a conceptual level yes?

Yeah, you will use enterprise platforms most likely like Crowdstrike, Snort, etc.

hi there

i need help with cryptoanalysis study

can someone tutor/guide me on this topic

I don’t think anyone here will tutor you but if you do the room yourself and need help you can always ask in #room-help

You'll need a lot of initiative in this field as it requires continuous upskilling.

Ayee love this easter egg in the 3M release Thank you THM!

0Day FTW!!! 😂

0day

Holy shit, its 0day

reminds me of linux mints bios screen lol

Still #1. 🥇

Any mentors willing to teach or give a newbie advice in pentesting or in ethical hacking

If you have specific questions, ask them, otherwise going to #start-here is going to be your best bet.

guys

i m tryin to install kali on vmmware

but its just skips install software step nd finishes installation

nd even after submitting correct login nd passwd it says incorrect login nd i m unable to login now

what should i do

have you maybe downloaded a prebuild image?
Try toor as the password with the user root.

yes i did

i m stuck at this step

That hasn't been the default for years now

so what do i do now

i m tired of starting it over nd over again

its just not working

Did you grab the ISO?

yes

ok wait

i downloaded iso file

nd then i also select this

in the start

how can i disable slowmode

it finishes installation without select nd install step

nd then i cant login

The default credit are

Username: kali
Password: kali

yeah but iit asked me for user name nd passwd

so i changed it

OK, what username are you entering?

my name

"dwen" or "Dwen"

dwn

dwen

Then you've probably entered your lass wrong either at login, or when you've created the user.

no i didnt seriously its first name nd short psswd

nd it also didnt complete select nd install software step

its actually installs till the end nd then it says it failed

hey where did u go

If it errors you probably need to start again.

yeah thats what i m doin rn

i m so tired of doin it again nd again

ok a question why do we install kali in vmware in ethical hacking nd like how much i m gonna use it

is there any alternative of it

this

You use VMware because you don't want to break your daily use os. Also it's better to contain anything malicious that might pop up. There are alternatives to VMware and Kali. For hypervisors, you have VirtualBox, hyper-v (on windows), and KVM/qemu (generally on Linux). There are alternatives to kali, such as Parrot, but I'm not a fan personally

oh okkk so hyper - v works fine with kali ?

i m on windows

i cant move forward coz i m stuck on installing kali

You should look up a guide in YouTube.

Should work, with caveats, it has (had) issues with getting a decent resolution without some shenanigans

good to know. I haven't looked at prebuild ones for years.

To be fair, I use vagrant to bootstrap my kali

no idea what bootstrapping is.

nvm. figured it out.

Okkk thnkssss

Okiessss

They may have fixed that though, last time I played with it was 3 years ago

A little bit late, but for me, Kali and Parrot both don't work well in hyper-v

In what way? I hate when people say this at work, but it works fine for me.

Oh okkkk

My Kali just randomly breaks in hyper-v

I mean that's not really helpful. What is the breakage or perceived breakage.

I don't know anymore, last time it broke (and last time I used Hyper-v) was like a year ago

If I remember correctly, it was some problem where it wouldn't log me in. So I was stuck at the login screen

that might be a you thing and not hyper-V

Nah bcs the same iso worked fine in Virtualbox

that doesn't mean anything

the ISO is just the install image, it's not the actual persistent runtime

Hyper-V is really telling you. It's not you it's me, but looks like it's really you 😂

Yeah but i mean, that was immediately after the install

That happens sometimes. It's rare, but bugs do happen during automated installs.

Maybe that's the problem

Morning thm acquaintance strangers 🌅

greetings bit entity

@rugged frigate please leave it to the mods

aight.

huiee

Hey everyone well i wanna ask that if my THM Subscriptions WILL EXPIRE then i am able to complete course and fetch cert or i didnt get anything

Anything you've done stays done

You want to say that if i have enroll in the room so it will not lost my progress i can done rest of things and fetch my cert
Isn't it ??

Correct.

You'll still be able to fetch any certs (can always save them)

You just won't be able to re-access completed subscription rooms

vmware is so much better lol

Better than?

It's probably going to depend on the use case of the environment

Greetings, I would like to ask for guidance on the order in which I should complete the learning paths, as I'm looking for a job as a SOC (Level 1). Currently, I'm undertaking the Pre-Security path, and I have finished the Introduction to Cybersecurity course. My plan is as follows:

Introduction to Cybersecurity
Pre-Security
SOC Level 1
SOC Level 2 (Maybe?)

Extra background info: I'm currently in my last year of my Master of Engineering (MEng) in Informatics and Computer Engineering.

Sounds like a pretty solid goal, that’s actually exactly what I did

Working through the soc 1 right now

Thanks for the confirmation

add the web fundamentals path and the cyber defense one also there

In which order should I complete them?

doesn't matter that much but i would do web fundamentals first because it's easier and could be helpful for the cyber defense one

hi y'all just asking a question about a folder I can't delete. I had a sync issue with onedrive saying I had a folder with the same name, I re-named it but it wouldn't delete, I dont know where the folder came from as I only ever had one, when I renamed there was suddenly two. So I deleted it from one drive and cleared recycle bin.. I then unlinked onedrive and relinked again, restarting my computer various times. I've tried CCcleaner Ive tried recursive deletion through the CLI. Its a folder within a folder within a folder... Year1/Software/Java/eclipse .. and then a load of eclipse subfolders no files. Anyway I got told today I could use an ubuntu boot (USB) and access my file system and delete it, I was wondering if any of you can explain to me how i would do the ubuntu boot, I din't really know you could boot ubuntu and have access to windows folders still so I'm a bit lost

Do you have the Eclipse IDE on your machine?

That could be where it was pointed to place it's stuff

No I deleted a while back, as thorough as I could can't find any traces

But you did have it installed?

Are you mirroring your onedrive locally, or storing everything in the cloud? There could be a weird interaction between the OneDrive app and OneDrive cloud

Yes

Yeah I think this may be the issue. Honestly a bit thick didn’t think to do an actual reset don’t that now seems to be fixed

Also true

Oh never mind it’s not fixed

Discrepancy between CLoud and local storage can often be an ongoing problem.

so initially it was all mirrored locally, I completly unticked everything to free up space so it wasn't stored locally, but then I seemed to have issues with loading soem case folders for axiom software, so just restored it back and then the issue occured when it was attempting to re-sync

I would recommend removing that directory from the automatic cloud sync, delete the entire directory, then delete the files and directories using the cloud app before reconnecting

yeah, it's no longer available on the cloud at all. The directory itself was my onedrive directory, but only containing one folder ->containing subfolders which seemed ot contian eclipse. So even when I unlinked onedrive, It was still available locally as this weird folder which wouldnt delete , all I can do is change the name

so now its just called delete-this-folder and seems to be completly disconnected from onedrive itself ,, my cloudl onedrive folder seems intact

it also wont let me delete any sub directorys within it

ok I spent to much time yapping that i didnt actually try and remove it after the restore I just did, its gone haha

thank you anyway all

as SOC analyst , i confirm , it's a solid path

thanks for the response

hey, guys, can somebody me help? i can not connect with my vpn...

and i don`t see it at manpage as well

#site-support

thanks.

hi everyone i'm new on here, anyone ready to work me through th process of cyber security?

ye - the rooms

#start-here

#bot-commands

https://www.polygon.com/2024/4/20/24134970/discord-arbitration-how-to-opt-out

typical evil corp.

GM

https://github.com/lynnpepin/arbitration-opt-out-templates/blob/main/Discord/discord_opt_out_template.md

for the people who want an email template

😂

hello can someone help me the Room Vm won't work in OpenCti task4
/soc level 1 /threat intellegence/ OpenCTI

/task4

#room-help please.

Im sorry, thank you

Bro do anyone have idea about buffer overflow attack

Is this for a THM room?

Nope

Its actually my project

For school or work?

For school

I'm sorry but we don't help with school work on this discord

Thats okay🥲

shh be quiet

🤨

i sent it

hi

im new

i have a problem with the room microsoft windows hardening somebody can help me ?

#room-help

Web Exploitation CTF Challenge

can someone help me solving this?

we can't help you with ctfs.

Huh?

I assume it's a ongoing ctf.

Best not to assume

What is the meaning of this?

OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0)

I am confused now, what should I do now in searchsploit command?
should I search

searchsploit openssh 6.6

or

searchsploit openssh ubuntu

I am confused and tell me how to read the vulnerability on cve mitre website Please. 😅

Is this for a THM room?

No

What's it for?

nmap

scanme.nmap.org

I would recommend you read the tool's documentation as it will walk you through examples of commands. As far as the Mitre stuff, you can use Google dorking to narrow your search results to what you're looking for. There is a THM room, that walks you through basic dorking.

I got it. Although I am not asking for attack. I am just confuse what this OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0) is. Ubuntu 2.13 version I am confused with. And OpenSSH 6.6.1p1.. that thing is confusing.

So I am just asking that what those things are. And then the later question is what should I put in searchsploit command.

but yeah I managed it somehow. Found CVE for 6.6 OpenSSH.. also found out that OpenSSH < 9.6 is vulnerable to many things...

Right, and I am trying to set you up in order to perform research. In cybersecurity, it's very important to be able to do your own research and come to your own solutions. That and paperwork make up 95% of the work you're going to do in the industry.

The metasploit manpage/manual will have how they want you to search things lined out.

Yes Boss. And thank you.. ^^ today my 5th day in learning cybersecurity.. so I will learn from top people like you. 🙂

Gave +1 Rep to @tawdry dove (current: #20 - 391)

Haha, nowhere near the top, but giving yourself a solid base is the way to go. Start small and increment your learning. Remember to take breaks.

Thanks for the reminder.. 😅😅 I'll sure learn bcz I'm having so much fun.. but for now it's 2 AM so I should sleep...

Good Night

good night

.

Hello everyone

helorrr ppl

Hello

hi

hello everyone

hallo

hey

high

how are you today?

hello guys

Good morning!

Evening guys

6:30 pm here

Is there a coupon code for the subscription?

Is it good idea to read nmap book from it website? Or just by doing practice I can learn?

Is it worth reading as a beginner like me? Or I can read them later in my life?

How are you going to learn if you don't read?

I mean, is it worth reading full book for now? As I have very less time in my course. Exam is coming. I mean I know basic Nmap now from THM room and from my class.
Just wanted to know do I have to read it now now only? Or I can read them later also? 😅

it always worth reading, what you should ask yourself is I have time to read it, and the answer is yes, you can read a bit bit during your breakfast, a bit during your lunch, and a bit before going to be, or even better designate 1 or 2 hours to read during the day. The real question is do I have the willpower to do it 😉 🙂

OK I got it.

Students get 10% off or something right?

20% off

Wish I used it haha!

Is there anyway to update a subscription and use my student discount

Monthly or annual?

Monthly

Yeah cancel your sub. Then change your email to your academic email